| author | Abhishek Arya <aarya@google.com> | 2015-08-18 16:33:49 +0000 | 
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-08-18 16:33:49 +0000 | 
| commit | 3b77e940822e8a5ef4953b709bdae00fa1bcca43 (patch) | |
| tree | 3eafd348c58b70c0e73b752a345877d8956fe999 /media | |
| parent | e9a8362e1d379e90655e904ca49d6333e4218eda (diff) | |
| parent | d146d4660451fb04c039f4ac8554103876fa4722 (diff) | |
am d146d466: am 6f561b93: Merge "MatroskaExtractor: detect infinite loop when parsing NALs" into klp-dev
* commit 'd146d4660451fb04c039f4ac8554103876fa4722':
  MatroskaExtractor: detect infinite loop when parsing NALs
Diffstat (limited to 'media')
| -rw-r--r-- | media/libstagefright/matroska/MatroskaExtractor.cpp | 8 | 
1 files changed, 7 insertions, 1 deletions
diff --git a/media/libstagefright/matroska/MatroskaExtractor.cpp b/media/libstagefright/matroska/MatroskaExtractor.cpp
index bca1bae..44a1e22 100644
--- a/media/libstagefright/matroska/MatroskaExtractor.cpp
+++ b/media/libstagefright/matroska/MatroskaExtractor.cpp
@@ -21,6 +21,7 @@
 #include "MatroskaExtractor.h"
 #include <media/stagefright/foundation/ADebug.h>
+#include <media/stagefright/foundation/AUtils.h>
 #include <media/stagefright/foundation/hexdump.h>
 #include <media/stagefright/DataSource.h>
 #include <media/stagefright/MediaBuffer.h>
@@ -630,7 +631,12 @@ status_t MatroskaSource::read(
                     TRESPASS();
             }
-            if (srcOffset + mNALSizeLen + NALsize > srcSize) {
+            if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen) {
+                frame->release();
+                frame = NULL;
+
+                return ERROR_MALFORMED;
+            } else if (srcOffset + mNALSizeLen + NALsize > srcSize) {
                 break;
             }  | 
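Review bot: The new guard `srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen` in MatroskaSource::read rejects two different malformed inputs at once, a zero NALsize that would never advance the offset and a NALsize large enough to wrap the sum past the `> srcSize` test that follows, but no comment says so. It is also only correct if the operands are unsigned and of one width, which the hunk does not show because the declarations and the rest of read() lie outside it. A comment such as `// NALsize == 0 never advances srcOffset; a wrapped sum would slip past the srcSize check below` would make the intent reviewable. If these are size_t, `if (NALsize == 0 || NALsize > SIZE_MAX - srcOffset - mNALSizeLen) {` states the same test without relying on wraparound. Separately, nothing visible in either hunk uses the `AUtils.h` include added in the first one, so it is worth confirming it is needed.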
